xorg-x11-server-1.20.11-34.el9_8

エラータID: AXSA:2026-1212:08

Release date: 
Tuesday, July 7, 2026 - 21:42
Subject: 
xorg-x11-server-1.20.11-34.el9_8
Affected Channels: 
MIRACLE LINUX 9 for x86_64
Severity: 
High
Description: 

X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical user interfaces are designed upon.

Security Fix(es):

* xorg: xwayland: X.Org X server: Denial of Service via integer underflow in XKB compatibility map handling (CVE-2026-33999)
* xorg: xwayland: X.Org X server: Use-after-free vulnerability leads to server crash and potential memory corruption (CVE-2026-34001)
* xorg: xwayland: X.Org X server: Information exposure and denial of service via out-of-bounds memory access (CVE-2026-34003)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

CVE-2026-33999
A flaw was found in the X.Org X server. This integer underflow vulnerability, specifically in the XKB compatibility map handling, allows an attacker with local or remote X11 server access to trigger a buffer read overrun. This can lead to memory-safety violations and potentially a denial of service (DoS) or other severe impacts.
CVE-2026-34001
A flaw was found in the X.Org X server. This use-after-free vulnerability occurs in the XSYNC fence triggering logic, specifically within the miSyncTriggerFence() function. An attacker with access to the X11 server can exploit this without user interaction, leading to a server crash and potentially enabling memory corruption. This could result in a denial of service or further compromise of the system.
CVE-2026-34003
A flaw was found in the X.Org X server's XKB key types request validation. A local attacker could send a specially crafted request to the X server, leading to an out-of-bounds memory access vulnerability. This could result in the disclosure of sensitive information or cause the server to crash, leading to a Denial of Service (DoS). In certain configurations, higher impact outcomes may be possible.

Solution: 

Update packages.

Additional Info: 

N/A

Download: 

SRPMS
  1. xorg-x11-server-1.20.11-34.el9_8.src.rpm
    MD5: 312462dc2fcfe46c800b30ceaf1f6c96
    SHA-256: 6a05bf0b9b9cb47190620b24f1225177a1cb026afcb89d10edacf956f68b23d8
    Size: 6.32 MB

Asianux Server 9 for x86_64
  1. xorg-x11-server-common-1.20.11-34.el9_8.x86_64.rpm
    MD5: 7f1a716d365317333c8f579cbc688c16
    SHA-256: 0b71c3e62753a150c7cbe64d48c7dc69384e0f3c5331a45228dca82ff0b9e30f
    Size: 33.64 kB
  2. xorg-x11-server-devel-1.20.11-34.el9_8.i686.rpm
    MD5: 8978c9efc73d57b86c831225d732917b
    SHA-256: 642260b5da2591e85ff1e5e758a7cf392802bdda8726b3bc7c939bf9f6923bb0
    Size: 251.21 kB
  3. xorg-x11-server-devel-1.20.11-34.el9_8.x86_64.rpm
    MD5: 738b4da9960455e3fa54e3937b0ec436
    SHA-256: e7d9d948565c5eb3348dac21e3252e2c9480355224aa13aa3121910a4867fca8
    Size: 251.21 kB
  4. xorg-x11-server-source-1.20.11-34.el9_8.noarch.rpm
    MD5: 153c8c0afb10fc7e98c48c5a3dd4c5b1
    SHA-256: cdd31674e66c599303679b3ca35eecd4bc39876d6f97d58487cfd83428054828
    Size: 2.37 MB
  5. xorg-x11-server-Xdmx-1.20.11-34.el9_8.x86_64.rpm
    MD5: 2b425803aa1778bc69c5244e69b1d40e
    SHA-256: 1006cf7ee56b94a7838678281bec7197f498a8162de13bffa1b02a336b88e9f2
    Size: 900.52 kB
  6. xorg-x11-server-Xephyr-1.20.11-34.el9_8.x86_64.rpm
    MD5: 0fcaf3a399ef11d6a5c62376b867839c
    SHA-256: 83c1f42b930a6f0f92317de0a70f093cd0c39e10d3013dabd84750429aca27d7
    Size: 1.02 MB
  7. xorg-x11-server-Xnest-1.20.11-34.el9_8.x86_64.rpm
    MD5: b4d7e0c99062e1d235940cf2272b12d8
    SHA-256: e691786487820e8bc0588c9e67bc95e77e377714fb4ec2e0fe479a88bf68f975
    Size: 718.40 kB
  8. xorg-x11-server-Xorg-1.20.11-34.el9_8.x86_64.rpm
    MD5: 2be02212206c549d4c5b5c71c9d0c9d0
    SHA-256: b6a2623813aac4a3478fbac4906deb4c31c87ff9dc27d9410235084d19dc65d5
    Size: 1.46 MB
  9. xorg-x11-server-Xvfb-1.20.11-34.el9_8.x86_64.rpm
    MD5: eee5d41ddac310c405a750166485df98
    SHA-256: d027b2717dc8ba0aa15241c4611f9f26ad4dfbf9b96de55888ec8af1ac421e99
    Size: 894.94 kB